Tag: Hacking

CRYSTALRAY Hackers Infect Over 1,500 Victims Using Network Mapping Tool
News

A threat actor previously observed using an open-source network mapping tool has significantly scaled up its operations, infecting more than 1,500 victims. The operations have increased tenfold, according to Sysdig, which is tracking the cluster under the moniker CRYSTALRAY. It further states that these activities include "mass scanning, exploiting multiple vulnerabilities, and placing backdoors using multiple [open-source software] security tools." The attacks' main goals are to deploy cryptocurrency miners, harvest and sell credentials, and maintain persistence on compromised systems. The United States, China, Singapore, Russia, France, Japan, and India are among the countries where the bulk of infections are concentrated. SSH-Snake, an open-source ap...
China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion
News

The MITRE Corporation has provided further details about the previously publicized cyberattack, stating that the first indication of the intrusion now dates back to December 31, 2023. The attack, discovered a month ago, targeted MITRE's Networked Experimentation, Research, and Virtualization Environment (NERVE) by exploiting two zero-day vulnerabilities in Ivanti Connect Secure, tracked as CVE-2023-46805 and CVE-2024-21887, respectively. Using a compromised administrator account, the attacker moved laterally through the research network via its VMware infrastructure. To maintain persistence and harvest credentials, the attacker used a mix of web shells and backdoors, according to MITRE. Although the organization had previously revealed that the attackers began con...
Hackers Exploiting Ivanti VPN Flaws to Deploy KrustyLoader Malware
News

A pair of recently discovered zero-day vulnerabilities in Ivanti Connect Secure (ICS) virtual private network (VPN) devices have been exploited to drop the open-source Sliver adversary simulation framework. The payload, named KrustyLoader, is written in Rust. On vulnerable appliances, the security flaws tracked as CVE-2023-46805 (CVSS score: 8.2) and CVE-2024-21887 (CVSS score: 9.1) can be chained to achieve unauthenticated remote code execution. As of January 26, the software vendor has published an XML file as a temporary mitigation.
Ivanti warns critical EPM bug lets hackers hijack enrolled devices
News

Ivanti has addressed a critical remote code execution (RCE) vulnerability in its Endpoint Management software (EPM) that could allow unauthorized attackers to take control of enrolled devices or the core server. Ivanti EPM manages client devices running a variety of operating systems, including Windows, macOS, Chrome OS, and Internet of Things platforms. All supported Ivanti EPM versions are affected by the security flaw (tracked as CVE-2023-39366), which has been fixed in version 2022 Service Update 5. The flaw can be exploited in low-complexity attacks by attackers with access to the internal network, without requiring privileges or user interaction.
Microsoft: Hackers target defense firms with new FalseFont malware
News

Microsoft says the newly discovered FalseFont backdoor is being used by the Iranian cyber-espionage group APT33 to target defense contractors worldwide. "Microsoft has observed the Iranian nation-state actor Peach Sandstorm attempting to deliver a newly developed backdoor named FalseFont to individuals working for organizations in the Defense Industrial Base (DIB) sector," the company stated. The DIB comprises over 100,000 defense firms and subcontractors that research and develop military weapon systems, subsystems, and components. This hacking group, also known as Peach Sandstorm, HOLMIUM, and Refined Kitten, has been active since at least 2013.
North Korean Hackers ‘Mixing’ macOS Malware Tactics to Evade Detection
News

North Korean threat actors have been observed "mixing and matching" components of two distinct attack chains, using RustBucket droppers to deliver KANDYKORN, one of the macOS malware strains attributed to them. The research was conducted by cybersecurity firm SentinelOne, which also linked the RustBucket campaign to a third macOS-specific malware known as ObjCShellz. RustBucket is the name of an activity cluster associated with the Lazarus Group, in which, upon viewing a specially crafted lure document, a backdoored version of a PDF reader app called SwiftLoader...
North Korean Hackers Targeting Crypto Experts with KANDYKORN macOS Malware
News

State-sponsored threat actors from the Democratic People's Republic of Korea (DPRK) have been observed using Discord to target blockchain engineers at an unnamed cryptocurrency exchange with a novel macOS malware known as KANDYKORN. According to Elastic Security Labs, which cited an analysis of the network infrastructure and techniques employed, the activity, which dates back to April 2023, overlaps with the notorious Lazarus Group. "In order to obtain first access to the environment, threat actors enticed blockchain engineers with a Python application," security researchers Ricardo Ungureanu, Seth Goodwin, and Andrew Pease stated in a report released today. This intrusion involved multiple complex stages that each employed deliberate ...
Citrix Bleed exploit lets hackers hijack NetScaler accounts
News

A proof-of-concept (PoC) exploit is now available for the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, which enables attackers to retrieve authentication session cookies from vulnerable Citrix NetScaler ADC and NetScaler Gateway appliances. Citrix patched CVE-2023-4966, a critical-severity, remotely exploitable information disclosure vulnerability, on October 10th, although few details were disclosed at the time. Mandiant revealed on October 17 that the vulnerability had been exploited as a zero-day since late August 2023. On Monday, Citrix sent a follow-up warning to NetScaler ADC and Gateway appliance administrators, urging them to patch the vulnerability immediately.
New AtlasCross hackers use American Red Cross as phishing lure
News

AtlasCross, a new APT hacking group, uses phishing lures that impersonate the American Red Cross to target businesses and deliver backdoor malware. Two previously undocumented trojans, DangerAds and AtlasAgent, have been linked to attacks by the new APT group, according to cybersecurity firm NSFocus. NSFocus describes the AtlasCross hackers as skilled and evasive, which made it difficult for the researchers to pinpoint their origin. According to NSFOCUS Security Labs, which conducted an in-depth analysis of the attack process, this APT actor differs markedly from known attacker profiles in execution flow, attack technology stack, attack tools, implementation details, attack objectives, behavioral tendencies, and other key attribution indicators.
Hackers actively exploiting Openfire flaw to encrypt servers
News

Hackers are actively exploiting a high-severity vulnerability in Openfire messaging servers to install cryptominers and encrypt servers with ransomware. Openfire, a popular Java-based open-source chat (XMPP) server, has been downloaded 9 million times and is widely used for private, cross-platform chat communications. The vulnerability, tracked as CVE-2023-32315, affects Openfire's administrative console and results in an authentication bypass, allowing unauthenticated attackers to create new admin accounts on vulnerable servers. The attackers use these accounts to install malicious Java plugins (JAR files), which then execute commands received via HTTP GET and POST requests.